CLAIMS

We Claim:

1. A method of ordering, paying for and delivering goods and services using a mobile station, comprising:

accessing a gateway by the mobile station and transmitting an identification code for mobile station to the gateway;

verifying the identity of the mobile station by the gateway by accessing an authentication center and comparing variables computed by the mobile station and variables computed by the gateway;

delivering a digital certificate to the mobile station by the gateway when the identity of the mobile station have been verified; and

requesting a product or service from a seller and transmitting a digital signature, accompanied by the digital certificate for a signature verification key as payment to the seller.

2. The method recited in claim 1, wherein the verifying the legitimacy of the gateway by the mobile station by comparing the variables computed by the gateway with the variables computed by the mobile station, further comprises:

transmitting from the mobile station to the gateway a session identification and an international mobile subscriber identifier;

transmitting the international mobile subscriber identifier from the gateway to the authentication center;

transmitting from the authentication center to the gateway a random number (RAND), a signed response (SRES), and an encryption key;

computing a variable M1 by the gateway and transmitting the variable M1 and the random number to the mobile station;

computing a variable M1' by the mobile station; and

verifying the legitimacy of the gateway when the variable M1 equals the variable M1'.

3. The method recited in claim 2, wherein the integrity key (K) is computed by both the mobile station and the authentication center as a function of RAND and Ki, where RAND is a random number issued by the authentication center, and Ki is a secret key contained within the authentication center and the mobile station.





The method 



nsmitted by the of indicatiotis center to the gateway 



d in claim 3, where RAND the integrity key (K) is 



5. The method recited in claim 1, further comprising:

computing a digital certificate by the gateway certifying the mobile station's public key (PK);

computing a variable M3 by the gateway and transmitting the variable M3 and the digital certificate to the mobile station;

computing a variable M3' by the mobile station;

verifying the legitimacy of the gateway when the variable M3 equals the variable M3'.

6. The method recited in claim 5, wherein the variables M3 and M3' are computed using the formula M3 = M3' = MAC (K, C), where MAC is a message authentication code function, K is an integrity key and C is the digital certificate created by the gateway to certify PK.

7. The method recited in claim 1, wherein verifying the identity of the mobile station by the gateway accessing an authentication center and comparing variables computed by the mobile station and variables computed by the gateway, further comprises:

transmitting a signed response, a public key and a variable M2 computed by the mobile station to the gateway;

computing a variable M2' by the gateway;

comparing the variable M2 and the variable M2'; and

verifying the identity of the mobile station when variable M2 is equal to variable M2'.



8. The method recited in claim 7, wherein variables M2 and M2' are computed using the formula M2 = M2' = MAC (K, {SRES}, PK, [{restrictions}], [alias]), wherein MAC is a message authentication code function, SRES is a signed response, K is an integrity key, PK is a public key, restrictions are limits on the certificate and alias is an alternate identification for the mobile station.
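The M2 and M3 comparisons recited in the claims on M2 = MAC (K, {SRES}, PK, [{restrictions}], [alias]) and M3 = MAC (K, C) can be exercised with the following added example, which is not part of the patent text. It assumes HMAC-SHA256 as the MAC, an HMAC-based stand-in for the unspecified key function of RAND and Ki, a length-prefixed field encoding, and constructed sample values; all function and constant names are hypothetical.

```python
import hashlib
import hmac
import struct

ABSENT = struct.pack(">I", 0xFFFFFFFF)  # marker for an omitted optional field

def derive_k(ki: bytes, rand: bytes) -> bytes:
    # Assumption: the claims say only that K is "a function of RAND and Ki".
    return hmac.new(ki, rand, hashlib.sha256).digest()

def mac(k: bytes, *fields) -> bytes:
    # Assumption: MAC = HMAC-SHA256 over length-prefixed fields, so that
    # (restrictions=x, alias absent) and (restrictions absent, alias=x)
    # can never serialize to the same bytes.
    msg = b"".join(ABSENT if f is None else struct.pack(">I", len(f)) + f
                   for f in fields)
    return hmac.new(k, msg, hashlib.sha256).digest()

def compute_m2(k, sres, pk, restrictions=None, alias=None) -> bytes:
    # M2 = M2' = MAC(K, {SRES}, PK, [{restrictions}], [alias])
    return mac(k, sres, pk, restrictions, alias)

def compute_m3(k, cert) -> bytes:
    # M3 = M3' = MAC(K, C)
    return mac(k, cert)

def gateway_accepts(k, sres, pk, restrictions, alias, m2) -> bool:
    # Gateway recomputes M2' from what it received; constant-time compare.
    return hmac.compare_digest(compute_m2(k, sres, pk, restrictions, alias), m2)

def station_accepts(k, cert, m3) -> bool:
    # Mobile station recomputes M3' over the certificate it was handed.
    return hmac.compare_digest(compute_m3(k, cert), m3)

# Constructed sample values (not from the patent).
KI, RAND, SRES = b"\x11" * 16, b"\x22" * 16, b"\x33" * 4
PK, LIMITS = b"station-public-key", b"max=50EUR"
K = derive_k(KI, RAND)                       # same value on both sides
M2 = compute_m2(K, SRES, PK, LIMITS)
CERT = b"cert(" + PK + b"," + LIMITS + b")"  # stand-in for certificate C
M3 = compute_m3(K, CERT)

if __name__ == "__main__":
    print(gateway_accepts(K, SRES, PK, LIMITS, None, M2))            # genuine request
    print(gateway_accepts(K, SRES, b"other-key", LIMITS, None, M2))  # PK altered in transit
    print(station_accepts(K, CERT, M3))                              # genuine certificate
    print(station_accepts(K, CERT + b"x", M3))                       # altered certificate
```

Because PK and the restrictions are inside the MAC, a public key or limit changed between the mobile station and the gateway makes M2 differ from M2' and no certificate is issued.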



9. The method recited in claim 1, wherein requesting a product or service from a seller and transmitting the digital signature, accompanied by the digital certificate for the signature verification key as payment to the seller, further comprises:

transmitting the certificate with the request for the product or service;

receiving an invoice from the seller indicating a price for the product or service;

computing a digital signature on the invoice;

approving the invoice by transmitting the digital signature to the seller; and

accepting delivery of the product or service by the buyer.



10. The method recited in claim 9, wherein the seller upon transmission of the digital signature, further comprises:

verifying the digital signature;

verifying that restrictions associated with the digital certificate are not violated; and

creating an accounting record for the product or service sold.



11. The method recited in claim 10, further comprising:

transmitting from the seller to the gateway the accounting record having an invoice and digital signature of a customer of a home network operator service;

determining by the gateway that a corresponding record exists in a local database and the validity of the digital signature;

determining whether the invoice violates any restrictions contained in the corresponding record;

crediting the seller with an amount equal to that in the invoice; and

billing the buyer with the amount of the invoice.

12. The method recited in claim 1, further comprising:

verifying the legitimacy of the gateway by the mobile station by comparing the variables computed by the gateway with the variables computed by the mobile station.

13. The method recited in claim 11, wherein delivering a digital certificate to the mobile station by the gateway when the identity of the mobile station and the gateway have been verified, further comprises:

requesting a digital certificate by the mobile station from the gateway used to order and pay for a product or service from a seller.

14. A system for ordering, paying for and delivering goods and services using a mobile station, comprising:

a GSM authentication module to verify that the mobile station is permitted to access a telecom infrastructure;

a mobile station certificate acquisition module to request a digital certificate for the mobile station from a gateway; and

a gateway certificate generation module to verify that the mobile station is authorized to receive the digital certificate by transmitting an international mobile subscriber identifier received from the mobile station to an authentication center, calculate variables based on information received from the authentication center and compare them to variables computed by the mobile station, and issue the digital certificate to the mobile station when the variables match.

15. The system recited in claim 14, wherein the mobile station certificate acquisition module verifies that the gateway is authorized to issue the digital certificate through the use of comparing variables computed by the gateway and the mobile station.

16. The system recited in claim 15, further comprising:

a buyer purchase module to request the purchase of a good or service from a seller, present the digital certificate to the seller, receive an invoice and provide the seller with a digital signature approving the purchase of the good or service;

a seller sales module to verify the validity of the digital certificate and the validity of the digital signature, issue an invoice, generate an accounting record and deliver a product or service;

a seller billing module to transmit to the gateway the accounting record and receive a response indicating if the accounting record has been approved for payment; and

a gateway billing module to verify the accounting record and an accompanying signature, and issue a credit to the seller and debit to the buyer when the accounting record and the accompanying signature are verified.

17. The system recited in claim 16, wherein the gateway certificate generation module transmits an international mobile subscriber identifier to the authentication center, receives a random number, a signed response and an encryption key from the authentication center, computes a variable M1, M2', and M3 and verifies the validity of the mobile station by comparing variable M2 received from the mobile station with variable M2'.

18. The system recited in claim 14, wherein the mobile station further comprises:

a subscriber identification module (SIM) used to compute a signed response and a ciphering key based on a secret key, installed by a home network operator service in the subscriber identification module upon signing up for a service plan, and a random number obtained from an authentication center in the home network operator service;

an A3 algorithm module, contained in the SIM, is used to compute the signed response; and

an A8 algorithm module, contained in the SIM, is used to compute the ciphering key, wherein through the transmission of signed responses to and from the mobile station a telecommunication infrastructure is able to verify that the mobile station is authorized to access the telecommunication infrastructure and the gateway.
19. A computer program embodied on a computer readable medium and executable by a computer for ordering, paying for and delivering goods and services using a mobile station, comprising:

a GSM authentication code segment to verify that the mobile station is permitted to access a telecom infrastructure;

a mobile station certificate acquisition code segment to request a digital certificate for the mobile station from a gateway; and

a gateway certificate generation code segment to verify that the mobile station is authorized to receive the digital certificate by transmitting an international mobile subscriber identifier received from the mobile station to an authentication center, calculate variables based on information received from the authentication center and compare them to variables computed by the mobile station, and issue the digital certificate to the mobile station when the variables match.



20. The system recited in claim 19, wherein the mobile station certificate acquisition code segment verifies that the gateway is authorized to issue the digital certificate through the use of comparing variables computed by the gateway and the mobile station.

21. The computer program recited in claim 19, further comprising:

a buyer purchase code segment to request the purchase of a good or service from a seller, present the digital certificate to the seller, receive an invoice and provide the seller with a digital signature approving the purchase of the good or service;

a seller sales code segment to verify the validity of the digital certificate and the validity of the digital signature, issue an invoice, generate an accounting record and deliver a product or service;

a seller billing code segment to transmit to the gateway the accounting record and receive a response indicating if the accounting record has been approved for payment; and

a gateway billing code segment to verify the accounting record and an accompanying signature, and issue a credit to the seller and debit to the buyer when the accounting record and the accompanying signature are verified.

22. The computer program recited in claim 20, wherein the mobile station certificate acquisition code segment transmits a session identification and an international mobile subscriber identifier to the gateway, receives a random number and a variable M1 from the gateway and verifies that the gateway is authentic by computing and comparing the variable M1' with M1.
23. The computer program recited in claim 19, wherein the gateway certificate generation code segment transmits an international mobile subscriber identifier to the authentication center, receives a random number, a service response and an encryption key from the authentication center, computes a variable M1, M2', and M3 and verifies the validity of the mobile station by comparing variable M2 received from the mobile station with variable M2'.




